<?php
include_once("includes/config.php");
db_connection();

$userToken = $_POST['token'];
$task = $_POST['task'];
$newPassword = $_POST ['newPassword'];
$newEmail = $_POST ['newEmail'];

$query = "SELECT value FROM sessionInfo WHERE token = '$userToken'";
$result = mysql_query($query) or die(mysql_error());

$info = explode(':',$result);
$username = $info[0];
$password = $info[1];

if(mysql_num_rows($result) != 0)
{
	switch ($task) {
		case "reset_email":
			$query = "UPDATE tbl_user SET email = '$newEmail' WHERE username = '$username'";
			$result = mysql_query($query) or die(mysql_error());
			echo "__successful__";  // set new email
			break;
		case "reset_password":
			$pw = md5($newPassword);
			$query = "UPDATE tbl_user SET password = '$pw' WHERE username = '$username'";
			$result = mysql_query($query) or die(mysql_error());
			echo "__successful__";  // set new password
			break;
	}
}
else
{
	echo "__failed__"; // for incorrect response
}
db_close();
?> 